1. Field of the Invention
In general, the present invention relates to a method, system and program product for automatically managing information privacy. Specifically, the present invention allows a request for information to be examined against a privacy control policy to ensure compliance with privacy control rules.
2. Background Art
As the use of the world wide web grows, computer users are increasingly conducting everyday transactions on-line. For example, today a user can purchase clothing, order prescriptions, pay bills, etc. In conducting such transactions, however, the users are typically required to provide personal information. Such information can include items such as name, address, credit card number, electronic mailing (e-mail) address, etc. Once provided, it is common for this information to be stored in a JavaBean or Enterprise JavaBean (EJB). As known in the art, a bean is a program component that generally includes data (i.e., the information) and methods (i.e., procedures that operate on the data). Storing information in a bean generally makes it easier to later access or utilize the information.
Unfortunately, when personal information is provided and stored in this manner, privacy becomes a major concern. Currently, many companies who conduct business on-line have internal privacy control policies that dictate what the company will (and will not) do with the information submitted by a user. These policies often work in conjunction with the wishes of the users. For example, when placing an order with a particular company, the interface operated by the user could include a “check box” for the user to indicate whether he/she wishes to receive future e-mail messages from the company. Thus, a rule in the company's privacy control policy could dictate that a user's e-mail address can only be used if the appropriate “check box” had been selected. If an employee of the company attempted to send an e-mail message to a user who had not checked the box, the rule would be broken.
Heretofore, attempts to protect information privacy have been tedious and time consuming. Specifically, a programmer writing an application that is used to access information had to manually code the privacy considerations into the application. This is especially tedious when a company has multiple applications that can access the information. Moreover, each time a privacy control policy changes, the application that it is coded into will have to be updated. Accordingly, no existing system is provided for automating the implementation and enforcement of privacy control policies. That is, no system currently provides automatic management of information privacy.
In view of the foregoing, there exists a need for a method, system and program product for automatically managing information privacy. Specifically, a need exists for a user's submitted information to be stored in a bean and packaged with a privacy control policy. A further need exists for a request to access, or otherwise utilize, the information in the bean to be automatically examined against the privacy control policy. Another need exists for the request to be denied if the privacy control policy would be violated.